Odd result today. We noticed that our recursive resolvers are not
returning AAAA for www.google.com and www.facebook.com. Facebook was
most certainly working earlier in the week (they seemed to serve a AAAA
earlier than anyone else).
Further investigation using "dig @theremotedns" shows that other servers
at our site are able to see AAAA, but our recursive DNS servers are not;
that is, I don't think it is our DNS software.
It seems that the IP addresses of our DNS servers have made it into some
kind of blacklist / greylist that is common to Google, Facebook and
others. Indeed, I can confirm this by adding another IP alias to the box
and using "dig -b":
[root at rdns1 ~]# dig +short -b 155.198.62.111 @glb1.facebook.com.
www.facebook.com aaaa
2a03:2880:2110:3f03:face:b00c::
[root at rdns1 ~]#
[root at rdns1 ~]# dig +short -b 155.198.62.11 @glb1.facebook.com.
www.facebook.com aaaa
[root at rdns1 ~]#
I can't really imagine what's happening, unless the "big 5" (Google,
Yahoo, Facebook, Bing, Youtube) are sharing some kind of automated data
source, and for some reason that source believes we have "brokenness"
(which we don't; our own website and email service are IPv6-enabled!)
Suggestions welcome.
Puzzled.
Phil